But JSONP request works by creating a script tag, therefore i cannot add custom headers (Authorization).
You can work around it by supplying
access_token=abc-123 parameter in the JSONP request.
Note that token exposure is considered to be insecure and SmartThings really frowns upon any access token exposure.
thank you so much